clank-manage/roles/bespoke/tasks/main.yaml

---
- name: install wireguard
  apt: 
    name: wireguard
    update_cache: yes
    cache_valid_time: 3600

- name: generate private and public key pair
  args:
    creates: /etc/wireguard
  shell: |
    mkdir -p /etc/wireguard/
    cd /etc/wireguard/
    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
    chmod 0400 clank-privatekey
    chmod 0400 clank-publickey

- name: read public key
  command: cat /etc/wireguard/clank-publickey
  register: wireguard_publickey

- name: read private key
  command: cat /etc/wireguard/clank-privatekey
  register: wireguard_privatekey

- name: print publickey
  debug:
    msg: "{{ wireguard_publickey.stdout_lines[0] }}"

- name: Generate WireGuard configuration
  template:
    src: wireguard.conf.j2
    dest: /etc/wireguard/wg0.conf
  vars:
    interface_address: "{{ wireguard_peer_ip }}"
    listen_port: " {{ main_wireguard_port }} "
    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
    allowed_ips: "10.0.9.0/24"
    peer_public_key: "{{ main_wireguard_public_key }}"
    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
    persistent_keepalive: 25

- name: enable and start wireguard service 
  systemd:
    name: "wg-quick@wg0"
    state: started
    enabled: yes


- name: Update apt cache
  apt:
    update_cache: yes

- name: Install prerequisite packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    state: present

- name: Add Docker GPG key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add Docker repository
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"
    state: present

- name: Install Docker
  apt:
    name: docker-ce
    state: present

- name: Start and enable Docker service
  service:
    name: docker
    state: started
    enabled: yes

- name: Download Docker Compose
  get_url:
    url: "https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64"
    dest: /usr/local/bin/docker-compose
    mode: 'u=rwx,g=rx,o=rx'

- name: Set executable permissions for Docker Compose
  file:
    path: /usr/local/bin/docker-compose
    mode: 'u=rwx,g=rx,o=rx'

- name: install git
  apt: 
    name: 
      - git 
      - python3
      - python3-pip
    update_cache: yes
    cache_valid_time: 3600

- name: Install docker package
  pip:
    name: 
      - docker
      - docker-compose
    state: present

# Monitoring
    
## node exporter

- name: clone private git repository
  git:
    repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/node-exporter-local.git
    dest: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local
    version: main
    force: yes

- name: ensure docker compose file exists
  stat:
    path: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/docker-compose.yml
  register: compose_file_stat

- name: run docker compose
  docker_compose:
    project_src: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/
  when: compose_file_stat.stat.exists

## container exporter

- name: clone private git repository
  git:
    repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/container-exporter-local.git
    dest: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local
    version: main
    force: yes

- name: ensure docker compose file exists
  stat:
    path: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/docker-compose.yml
  register: compose_file_stat

- name: run docker compose
  docker_compose:
    project_src: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/
  when: compose_file_stat.stat.exists
feat: add main infra 2023-05-13 02:30:08 +02:00			`---`
			`- name: install wireguard`
			`apt:`
			`name: wireguard`
			`update_cache: yes`
			`cache_valid_time: 3600`

			`- name: generate private and public key pair`
			`args:`
			`creates: /etc/wireguard`
			`shell: \|`
			`mkdir -p /etc/wireguard/`
			`cd /etc/wireguard/`
			`wg genkey \| tee clank-privatekey \| wg pubkey > clank-publickey`
			`chmod 0400 clank-privatekey`
			`chmod 0400 clank-publickey`

			`- name: read public key`
			`command: cat /etc/wireguard/clank-publickey`
			`register: wireguard_publickey`

			`- name: read private key`
			`command: cat /etc/wireguard/clank-privatekey`
			`register: wireguard_privatekey`

			`- name: print publickey`
			`debug:`
			`msg: "{{ wireguard_publickey.stdout_lines[0] }}"`

			`- name: Generate WireGuard configuration`
			`template:`
			`src: wireguard.conf.j2`
			`dest: /etc/wireguard/wg0.conf`
			`vars:`
			`interface_address: "{{ wireguard_peer_ip }}"`
			`listen_port: " {{ main_wireguard_port }} "`
			`private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"`
			`allowed_ips: "10.0.9.0/24"`
			`peer_public_key: "{{ main_wireguard_public_key }}"`
			`endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"`
			`persistent_keepalive: 25`

			`- name: enable and start wireguard service`
			`systemd:`
			`name: "wg-quick@wg0"`
			`state: started`
			`enabled: yes`


			`- name: Update apt cache`
			`apt:`
			`update_cache: yes`

			`- name: Install prerequisite packages`
			`apt:`
			`name:`
			`- apt-transport-https`
			`- ca-certificates`
			`- curl`
			`- gnupg`
			`- lsb-release`
			`state: present`

			`- name: Add Docker GPG key`
			`apt_key:`
			`url: https://download.docker.com/linux/debian/gpg`
			`state: present`

			`- name: Add Docker repository`
			`apt_repository:`
			`repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"`
			`state: present`

			`- name: Install Docker`
			`apt:`
			`name: docker-ce`
			`state: present`

			`- name: Start and enable Docker service`
			`service:`
			`name: docker`
			`state: started`
			`enabled: yes`

			`- name: Download Docker Compose`
			`get_url:`
			`url: "https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64"`
			`dest: /usr/local/bin/docker-compose`
			`mode: 'u=rwx,g=rx,o=rx'`

			`- name: Set executable permissions for Docker Compose`
			`file:`
			`path: /usr/local/bin/docker-compose`
			`mode: 'u=rwx,g=rx,o=rx'`

			`- name: install git`
			`apt:`
			`name:`
			`- git`
			`- python3`
			`- python3-pip`
			`update_cache: yes`
			`cache_valid_time: 3600`

			`- name: Install docker package`
			`pip:`
			`name:`
			`- docker`
			`- docker-compose`
			`state: present`

			`# Monitoring`

			`## node exporter`

			`- name: clone private git repository`
			`git:`
			`repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/node-exporter-local.git`
			`dest: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local`
			`version: main`
			`force: yes`

			`- name: ensure docker compose file exists`
			`stat:`
			`path: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/docker-compose.yml`
			`register: compose_file_stat`

			`- name: run docker compose`
			`docker_compose:`
			`project_src: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/`
			`when: compose_file_stat.stat.exists`

			`## container exporter`

			`- name: clone private git repository`
			`git:`
			`repo: https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/container-exporter-local.git`
			`dest: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local`
			`version: main`
			`force: yes`

			`- name: ensure docker compose file exists`
			`stat:`
			`path: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/docker-compose.yml`
			`register: compose_file_stat`

			`- name: run docker compose`
			`docker_compose:`
			`project_src: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/`
			`when: compose_file_stat.stat.exists`